Heartland Payment Processor on PCI “Probation”…Compliance is not a Once a Year Thing

By: Awareity
On: April 6, 2009

In one of the largest data breaches to date, a breach at Heartland Payment Company compromised the cards of over 100 million people, almost 1/3 of the U.S. population.

In addition to dealing with a damaged reputation, expensive notifications and fallout, and continued lawsuits from affected banks and credit unions, the latest hit to Heartland came from Visa. Visa recently took action against Heartland by suspending the data breach victim and removing it from Visa’s online list of PCI-DSS compliant providers.

Heartland was last certified as PCI-DSS compliant in April 2008, but in a presentation given earlier this month by two Visa executives, Visa was quoted as saying, “As of today, no compromised entity has been found to be compliant at the time of the breach.”

Of course they weren’t! How can an organization that exposes 100 million credit card accounts be considered PCI compliant? And… compliance on April 1 does not equal security on April 1.

Heartland is yet another lesson in how critical it is for organizations not only to focus on getting past the upcoming compliance examination, but to truly and proactively maintain a secure organization throughout the year. A comprehensive approach to security includes ongoing assessments, ongoing updates, ongoing testing, ongoing training, etc. Employees must be continuously updated on new risks, threats, best practices, etc. Once-a-year training is not enough. Once-a-year compliance is also not enough.

How many more data breaches will we see before organizational leaders realize the importance of implementing lessons learned?
